Communications network security generally and computer network security in particular are frequently the objects of sophisticated attacks by unauthorised intruders, including hackers. Intruders to such networks are increasingly skilled at exploiting network weaknesses to gain access and unauthorized privileges, making it difficult to detect and trace such attacks. Moreover, security threats such as viruses and worms do not need human supervision and are capable of replicating and travelling to other networked systems. Such intrusions can damage computer systems and adversely affect vital interests of entities associated with the affected network.
Existing Network Intrusion Detection Systems (NIDS) are unsuitable for deployment on every host in a network due to problems that are inherent in the architecture of such NIDS. NIDS use promiscuous mode capture and analysis, which induces significant overhead on the system and are vulnerable to insertion and evasion attacks.
Ptacek, Thomas H., and Newsham, Timothy N., “Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection”,
(http://secinf.net/info/ids/idspaper/idspaper.html), describe further details, including network intrusion detection.